RedHat: RHSA-2021-5130:02 Critical: Red Hat Integration Camel-K 1.6...

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Integration Camel-K 1.6.2 release and security update
Advisory ID:       RHSA-2021:5130-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:5130
Issue date:        2021-12-14
Cross references:  RHBA-2021:85820-01
CVE Names:         CVE-2021-44228 
=====================================================================

1. Summary:

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat
Integration Camel K that includes bug fixes. The purpose of this text-only
errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat
Camel K that includes bug fixes and enhancements, which are documented in
the Release Notes document linked to in the References.

Security Fix(es):

* log4j-core: Remote code execution in Log4j 2.x when logs contain an
attacker-controlled string value (CVE-2021-44228)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

5. References:

https://access.redhat.com/security/cve/CVE-2021-44228
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2021-Q4
https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-5130:02 Critical: Red Hat Integration Camel-K 1.6.2

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Integration Camel K that includes bug fixes

Summary

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2021-44228
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2021-Q4
https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

Severity
Advisory ID: RHSA-2021:5130-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5130
Issued Date: 2021-12-14
Cross references: RHBA-2021:85820-01
CVE Names: CVE-2021-44228

Topic

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Integration Camel K that includes bug fixes. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Bugs Fixed

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
